ID de Prueba:	1.3.6.1.4.1.25623.1.0.51404
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:615
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:615. Samba provides SMB/CIFS services (such as file and printer sharing) used by clients compatible with Microsoft Windows(TM). The SuSE Security Team performed a security audit in parts of the Samba project code and found various problems in both the client and server implementations. Among these problems is a buffer overflow[1] vulnerability in the packet fragment re-assembly code. A remote attacker who is able to connect to the samba server may gain root privileges on it by exploiting this vulnerability. The vulnerability also affects the client library code, thus it is possible to exploit applications which use samba library functions by using a malicious samba server to send traffic to them. Additionally, a race condition[2] was discovered which could allow a local attacker to overwrite critical system files. In Conectiva Linux versions 7.0 and 8 samba is being upgraded to the latest stable version: 2.2.8. This version fixes the above vulnerabilities and includes several other fixes and additional features[3]. In Conectiva Linux 6.0, a patch with fixes the above vulnerabilities was applied to the package originally distributed, keeping samba in its original version (2.0.9). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0086 http://www.samba.org/samba/whatsnew/samba-2.2.8.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:615 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0085 http://www.securityfocus.com/archive/1/316165/30/25370/threaded BugTraq ID: 7106 http://www.securityfocus.com/bid/7106 Bugtraq: 20030317 GLSA: samba (200303-11) (Google Search) http://marc.info/?l=bugtraq&m=104792646416629&w=2 Bugtraq: 20030317 Security Bugfix for Samba - Samba 2.2.8 Released (Google Search) http://marc.info/?l=bugtraq&m=104792723017768&w=2 Bugtraq: 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=104801012929374&w=2 Bugtraq: 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL (Google Search) Bugtraq: 20030401 Immunix Secured OS 7+ samba update (Google Search) http://www.securityfocus.com/archive/1/317145/30/25220/threaded CERT/CC vulnerability note: VU#298233 http://www.kb.cert.org/vuls/id/298233 Debian Security Information: DSA-262 (Google Search) http://www.debian.org/security/2003/dsa-262 http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml Immunix Linux Advisory: IMNX-2003-7+-003-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552 http://www.redhat.com/support/errata/RHSA-2003-095.html http://www.redhat.com/support/errata/RHSA-2003-096.html http://secunia.com/advisories/8299 http://secunia.com/advisories/8303 SGI Security Advisory: 20030302-01-I ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I SuSE Security Announcement: SuSE-SA:2003:016 (Google Search) http://www.novell.com/linux/security/advisories/2003_016_samba.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0086 BugTraq ID: 7107 http://www.securityfocus.com/bid/7107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.